package com.ojoin.trade.common.web.shiro;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.stereotype.Service;

import com.ojoin.trade.common.constdef.IConstDef;
import com.ojoin.trade.common.utils.CommonUtils;
import com.ojoin.trade.common.utils.IpUtils;
import com.ojoin.trade.common.web.domain.Result;
import com.ojoin.trade.common.web.domain.Result.Status;

/**
 * 表单验证（包含验证码）过滤类
 */
@Service
public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.FormAuthenticationFilter {

	public static final String DEFAULT_CAPTCHA_PARAM = "jcaptchaCode";
	public static final String DEFAULT_MESSAGE_PARAM = "message";

	private String captchaParam = DEFAULT_CAPTCHA_PARAM;
	private String messageParam = DEFAULT_MESSAGE_PARAM;

	protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) {
		String username = getUsername(request);
		String password = getPassword(request);
		if (password==null){
			password = "";
		}
		boolean rememberMe = isRememberMe(request);
		String host = IpUtils.getIpAddr((HttpServletRequest)request);
		String captcha = getCaptcha(request);
		String loginType=getLoginType(request);
		return new UsernamePasswordToken(username, password, rememberMe, host, captcha,loginType);
	}

	public String getCaptchaParam() {
		return captchaParam;
	}

	protected String getCaptcha(ServletRequest request) {
		return WebUtils.getCleanParam(request, getCaptchaParam());
	}

	protected String getLoginType(ServletRequest request) {
		return WebUtils.getCleanParam(request, IConstDef.loginTypeParamKey);
	}
	
	public String getMessageParam() {
		return messageParam;
	}
	
	@Override  
    protected boolean onLoginSuccess(AuthenticationToken token,  
            Subject subject, ServletRequest request, ServletResponse response)  
            throws Exception {  
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;  
        HttpServletResponse httpServletResponse = (HttpServletResponse) response;  
        //是ajax请求 
        if (CommonUtils.isAjaxRequest(httpServletRequest)) { 
        	CommonUtils.sendJOSNResponse(httpServletResponse, new Result(Status.OK, CommonUtils.getSessionUser(httpServletRequest)));
        } else {
        	issueSuccessRedirect(request, response);  
        }  
        return false;  
    }

	/**
	 * 默认重新定位到登录地址，而不是配置的successUrl
	 */
	@Override
	protected void issueSuccessRedirect(ServletRequest request,
			ServletResponse response) throws Exception {
      	 WebUtils.issueRedirect(request, response, getSuccessUrl(), null, true);
 
	}
	
	
	@Override
	protected void setFailureAttribute(ServletRequest request, org.apache.shiro.authc.AuthenticationException ae) {
		request.setAttribute(getFailureKeyAttribute(), ae);
	}

}